CVE-2009-1536

Description

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

Related CPE's

amicrosoft.net_framework2.0sp2******

omicrosoftwindows_server_2008-*******

omicrosoftwindows_vista********

amicrosoft.net_framework2.0sp1******

omicrosoftwindows_vista-sp1******

amicrosoft.net_framework3.5sp1******

amicrosoft.net_framework3.5*******

References

36127

Third Party Advisory

35985

PatchThird Party AdvisoryVDB Entry

ADV-2009-2231

Permissions RequiredThird Party Advisory

1022715

Third Party AdvisoryVDB Entry

56905

Broken Link

http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx

Vendor Advisory

TA09-223A

Third Party AdvisoryUS Government Resource

oval:org.mitre.oval:def:6393

Third Party Advisory

MS09-036

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:H/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

HIGH

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

2.5999999046325684

Created by Yello
About Severity.io